parse-community · drew-gross · Aug 27, 2016 · Aug 25, 2016 · Aug 27, 2016 · Aug 27, 2016
diff --git a/Parse-Dashboard/Authentication.js b/Parse-Dashboard/Authentication.js
@@ -0,0 +1,33 @@
+function Authentication(validUsers, useEncryptedPasswords) {
+    this.validUsers = validUsers;
+    this.useEncryptedPasswords = useEncryptedPasswords || false;
+}
+
+Authentication.prototype.authenticate = function (userToTest) {
+  let bcrypt = require('bcryptjs');
+
+  var appsUserHasAccessTo = null;
+
+  //they provided auth
+  let isAuthenticated = userToTest &&
+    //there are configured users
+    this.validUsers &&
+    //the provided auth matches one of the users
+    this.validUsers.find(user => {
+      let isAuthenticated = userToTest.name == user.user &&
+                        (this.useEncryptedPasswords ? bcrypt.compareSync(userToTest.pass, user.pass) : userToTest.pass == user.pass);
+      if (isAuthenticated) {
+        // User restricted apps
+        appsUserHasAccessTo = user.apps || null;
+      }
+
+      return isAuthenticated
+    }) ? true : false;
+
+  return {
+    isAuthenticated,
+    appsUserHasAccessTo
+  }
+}
+
+module.exports = Authentication;
diff --git a/Parse-Dashboard/app.js b/Parse-Dashboard/app.js
@@ -61,6 +61,7 @@ module.exports = function(config, allowInsecureHTTP) {
     };
 
     const users = config.users;
+    const useEncryptedPasswords = config.useEncryptedPasswords ? true : false;
 
     let auth = null;
     //If they provide auth when their config has no users, ignore the auth
@@ -84,29 +85,15 @@ module.exports = function(config, allowInsecureHTTP) {
       return res.send({ success: false, error: 'Configure a user to access Parse Dashboard remotely' });
     }
 
-    let appsUserHasAccess = null;
-    let bcrypt = require('bcryptjs');
-
-    const successfulAuth =
-      //they provided auth
-      auth &&
-      //there are configured users
-      users &&
-      //the provided auth matches one of the users
-      users.find(user => {
-        let isAuthorized = user.user == auth.name &&
-                          (user.pass == auth.pass ||
-                           bcrypt.compareSync(auth.pass, user.pass));
-        if (isAuthorized) {
-          // User restricted apps
-          appsUserHasAccess = user.apps
-        }
-
-        return isAuthorized
-      });
+    let Authentication = require('./Authentication');
+    const authInstance = new Authentication(users, useEncryptedPasswords);
+    const authentication = authInstance.authenticate(auth);
+
+    const successfulAuth = authentication.isAuthenticated;
+    const appsUserHasAccess = authentication.appsUserHasAccessTo;
 
     if (successfulAuth) {
-      if(appsUserHasAccess) {
+      if (appsUserHasAccess) {
         // Restric access to apps defined in user dictionary
         // If they didn't supply any app id, user will access all apps
         response.apps = response.apps.filter(function (app) {

diff --git a/README.md b/README.md
@@ -230,11 +230,13 @@ You can configure your dashboard for Basic Authentication by adding usernames an
       "user":"user2",
       "pass":"pass"
     }
-  ]
+  ],
+  "useEncryptedPasswords": true | false
 }
 ```
 
-You can store the password in either `plain text` or `bcrypt` formats. You can encrypt the password using any online bcrypt tool e.g. [https://www.bcrypt-generator.com](https://www.bcrypt-generator.com).
+You can store the password in either `plain text` or `bcrypt` formats. To use the `bcrypt` format, you must set the config `useEncryptedPasswords` parameter to `true`.
+You can encrypt the password using any online bcrypt tool e.g. [https://www.bcrypt-generator.com](https://www.bcrypt-generator.com).
 
 ### Separating App Access Based on User Identity
 If you have configured your dashboard to manage multiple applications, you can restrict the management of apps based on user identity.

diff --git a/src/lib/tests/Authentication.test.js b/src/lib/tests/Authentication.test.js
@@ -0,0 +1,91 @@
+/*
+ * Copyright (c) 2016-present, Parse, LLC
+ * All rights reserved.
+ *
+ * This source code is licensed under the license found in the LICENSE file in
+ * the root directory of this source tree.
+ */
+jest.dontMock('../../../Parse-Dashboard/Authentication.js');
+jest.dontMock('bcryptjs');
+
+const Authentication = require('../../../Parse-Dashboard/Authentication');
+const apps = [{appId: 'test123'}, {appId: 'test789'}];
+const unencryptedUsers = [
+  {
+    user: 'parse.dashboard',
+    pass: 'abc123'
+  },
+  {
+    user: 'parse.apps',
+    pass: 'xyz789',
+    apps: apps
+  }
+];
+const encryptedUsers = [
+  {
+    user: 'parse.dashboard',
+    pass: '$2a$08$w92YfzwkhB3WGFTBjHwZLO2tSwNIS2rX0qQER.TF8izEzWF5M.U8S'
+  },
+  {
+    user: 'parse.apps',
+    pass: '$2a$08$B666bpJqE9v/R5KNbgfOMOjycvHzv6zWs0sGky/QuBZb4HY0M6LE2',
+    apps: apps
+  }
+]
+
+function createAuthenticationResult(isAuthenticated, appsUserHasAccessTo) {
+  return {
+    isAuthenticated,
+    appsUserHasAccessTo
+  }
+}
+
+describe('Authentication', () => {
+  it('does not authenticate with no users', () => {
+    let authentication = new Authentication(null, false);
+    expect(authentication.authenticate({name: 'parse.dashboard', pass: 'abc123'}))
+      .toEqual(createAuthenticationResult(false, null));
+  });
+
+  it('does not authenticate with no auth', () => {
+    let authentication = new Authentication(unencryptedUsers, false);
+    expect(authentication.authenticate(null))
+      .toEqual(createAuthenticationResult(false, null));
+  });
+
+  it('does not authenticate invalid user', () => {
+    let authentication = new Authentication(unencryptedUsers, false);
+    expect(authentication.authenticate({name: 'parse.invalid', pass: 'abc123'}))
+      .toEqual(createAuthenticationResult(false, null));
+  });
+
+  it('does not authenticate valid user with invalid unencrypted password', () => {
+    let authentication = new Authentication(unencryptedUsers, false);
+    expect(authentication.authenticate({name: 'parse.dashboard', pass: 'xyz789'}))
+      .toEqual(createAuthenticationResult(false, null));
+  });
+
+  it('authenticates valid user with valid unencrypted password', () => {
+    let authentication = new Authentication(unencryptedUsers, false);
+    expect(authentication.authenticate({name: 'parse.dashboard', pass: 'abc123'}))
+      .toEqual(createAuthenticationResult(true, null));
+  });
+
+  it('returns apps if valid user', () => {
+    let authentication = new Authentication(unencryptedUsers, false);
+    expect(authentication.authenticate({name: 'parse.apps', pass: 'xyz789'}))
+      .toEqual(createAuthenticationResult(true, apps));
+  });
+
+  it('authenticates valid user with valid encrypted password', () => {
+    let authentication = new Authentication(encryptedUsers, true);
+    expect(authentication.authenticate({name: 'parse.dashboard', pass: 'abc123'}))
+      .toEqual(createAuthenticationResult(true, null));
+  });
+
+  it('does not authenticate valid user with invalid encrypted password', () => {
+    let authentication = new Authentication(encryptedUsers, true);
+    expect(authentication.authenticate({name: 'parse.dashboard', pass: 'xyz789'}))
+      .toEqual(createAuthenticationResult(false, null));
+  });
+});